URL: http://fashionhold.info

Full analysis: https://app.any.run/tasks/82fdd6d3-bc14-4c03-896a-f227caebe847
Verdict: Malicious activity
Analysis date: May 15, 2019, 15:23:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:
MD5: 6D7438C2E5451DDDACF466B3DA33171F
SHA1: 9312CE82E17D304E5D70C3A91C7945E9F4C3ACD2
SHA256: FC4634901100C02448B1A6FF617618EBCBECD9C9A5CE1968B5A5D630594E6AE0
SSDEEP: 3:N1KYFwJu6:CYV6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Application launched itself: iexplore.exe (PID: 2840)
    • Creates files in the user directory: iexplore.exe (PID: 1100)
    • Reads internet explorer settings: iexplore.exe (PID: 1100)
    • Changes internet zones settings: iexplore.exe (PID: 2840)
    • Reads Internet Cache Settings: iexplore.exe (PID: 1100)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 34
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID: 2840
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 1100
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2840 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Total events: 369
Read events: 308
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 16
Unknown types: 4

Dropped files

PID: 2840  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
Type:
MD5:
SHA256:

PID: 2840  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type:
MD5:
SHA256:

PID: 1100  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HQ3I3ZEN\fashionhold_info[1].txt
Type:
MD5:
SHA256:

PID: 1100  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
Type: dat
MD5: AD5EA7AD165259E231D264CB53EBA623
SHA256: 5160FD4231A610E27F5A3C0C7E0033A2831217449586E0FDA172E4DF536FE586

PID: 1100  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
Type: dat
MD5: CB57112B0EEC34F845702E2C6A6760A2
SHA256: 17051B0036A4342FFA27B017F2CC6AB614D195667123259B264848329AAEAD52

PID: 1100  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HQ3I3ZEN\fashionhold_info[1].htm
Type: html
MD5: 5401307EC16D14536D7AAB9C68789655
SHA256: BF109FA813279CD09689615511FD1AFBC3EF6C63F281FF2A1A7DFD83977E6FE4

PID: 1100  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HQ3I3ZEN\caf[1].js
Type: text
MD5: EA9C6059AF22B3E57E9DFB0DEDF42F7C
SHA256: 6EA114B43F021E26B87B11FA7AEA849495EB3554A387A8D2EFE4F643F9B2B3A0

PID: 2840  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019051520190516\index.dat
Type: dat
MD5: 5E7C52FAE2C18BA9D663800150ED9597
SHA256: 00045528B371EABDB1C9F60C842AD72D2FC5229969EBA9C8860C0569D73F64CD

PID: 1100  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z5IBQ26R\style[1].css
Type: text
MD5: 96F84D0985AF87B4D4F6AE8816F9C5C5
SHA256: 93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B

PID: 1100  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019051520190516\index.dat
Type: dat
MD5: 7DD66803366CAC2B89917D967C86D2EF
SHA256: F303A1245B28909C2F7F9731862862CDA67DF7854ABC5D5DF201FBCDA5EE248E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 10
TCP/UDP connections: 10
DNS requests: 6
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

1100 | iexplore.exe | GET | 200 | 198.54.117.197:80 | http://fashionhold.info/ | US | html | 1.58 Kb | malicious
1100 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://parkingcrew.net/jsparkcaf.php?regcn=243142&_v=2&_h=fashionhold.info&_t=1557933856355 | DE | html | 2.54 Kb | whitelisted
1100 | iexplore.exe | GET | 200 | 143.204.101.82:80 | http://i.cdnpark.com/themes/assets/style.css | US | text | 343 b | whitelisted
1100 | iexplore.exe | GET | 200 | 143.204.101.35:80 | http://i.cdnpark.com/themes/registrar/style_namecheap.css | US | text | 1.73 Kb | whitelisted
2840 | iexplore.exe | GET | 404 | 198.54.117.197:80 | http://fashionhold.info/favicon.ico | US | html | 185 b | malicious
1100 | iexplore.exe | GET | 200 | 143.204.101.35:80 | http://i.cdnpark.com/themes/registrar/images/logo_namecheap.png | US | image | 4.80 Kb | whitelisted
1100 | iexplore.exe | GET | 200 | 216.58.208.36:80 | http://www.google.com/adsense/domains/caf.js | US | text | 55.1 Kb | whitelisted
2840 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted
1100 | iexplore.exe | GET | 200 | 185.53.178.30:80 | http://js.parkingcrew.net/assets/scripts/jsparkcaf.js | DE | text | 5.51 Kb | whitelisted
1100 | iexplore.exe | GET | 200 | 185.53.178.30:80 | http://js.parkingcrew.net/assets/scripts/registrar-caf/243142.js | DE | text | 2.92 Kb | whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation (a hyphen marks a cell left empty in the report)

1100 | iexplore.exe | 185.53.179.29:80 | parkingcrew.net | Team Internet AG | DE | malicious
- | - | 172.217.23.174:80 | - | Google Inc. | US | whitelisted
1100 | iexplore.exe | 198.54.117.197:80 | fashionhold.info | Namecheap, Inc. | US | malicious
2840 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
1100 | iexplore.exe | 143.204.101.82:80 | i.cdnpark.com | - | US | suspicious
1100 | iexplore.exe | 143.204.101.35:80 | i.cdnpark.com | - | US | suspicious
- | - | 198.54.117.197:80 | fashionhold.info | Namecheap, Inc. | US | malicious
1100 | iexplore.exe | 185.53.178.30:80 | js.parkingcrew.net | Team Internet AG | DE | suspicious
1100 | iexplore.exe | 216.58.208.36:80 | www.google.com | Google Inc. | US | whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
fashionhold.info
  • 198.54.117.197
  • 198.54.117.198
  • 198.54.117.199
  • 198.54.117.200
malicious
i.cdnpark.com
  • 143.204.101.35
  • 143.204.101.82
  • 143.204.101.62
  • 143.204.101.90
whitelisted
parkingcrew.net
  • 185.53.179.29
whitelisted
www.google.com
  • 216.58.208.36
whitelisted
js.parkingcrew.net
  • 185.53.178.30
whitelisted

Threats

No threats detected
No debug info